Urano Fujio release his game "xecross" in 2002.
and we still can download it in many sites
(example https://www.hpcfactor.com/scl/1368/Urano_Fujio/Xecross),
and play the game in wince 5.0 device emulator.
But Urano has bugs(or feature) in the game:
when we press key left,right,up,down,
the jet do NOT move.
------------ asm ---------------------------------------------------
+--------+--------+-------------------+----------------------------+
| pc |bin-code| asm-code | c-code |
+--------+--------+-------------------+----------------------------+
|00012DA4| ... |cmp r5, r0 |if(msg==WM_KEYUP) |
|00012DAC|3700000A|beq 12e90 | { |
|00012E90|0D0054E3| cmp r4, 0xd | if(wParam==VK_RETURN) |
|00012E94|1700000A| ... | .... |
| | | | } |
|00012DC4| |cmp r5, r3 |else if(msg==WM_KEYDOWN) |
|00012DC8| |bne ... | |
|00012DCC|0D0054E3|cmp r4, 0xd | {if(wParam==VK_RETURN) |
|00012DD0|1800000A|beq ... | .... |
|00012DD4| |cmp r4, 0x25 | else if(wParam==VK_LEFT) |
|00012DD8| |beq 12e28 | |
|00012E28|2C001FE5| r0=157b8;//&key| {key |=0x01 |
|00012E2C|F030D0E1| ldrsh r3, [r0] | |
|00012E30|013083E3| orr r3, r3, 0x1| |
|00012E34|320000EA| b 12f04 | break;} |
|00012DDC| |cmp r4, 0x26 | else if(wParam==VK_UP) |
|00012DE0| |beq 12e18 | |
|00012E18|1C001FE5| r0=157b8;//&key| {key |=0x04 |
|00012E1C|F030D0E1| ldrsh r3, [r0] | |
|00012E20|043083E3| orr r3, r3, 0x4| |
|00012E24|360000EA| b 12f04 | break;} |
|00012DE4| |cmp r4, 0x27 | else if(wParam==VK_RIGHT)|
|00012DE8| |beq 12e08 | |
|00012E08|0C001FE5| r0=157b8;//&key| {key |=0x02 |
|00012E0C|F030D0E1| ldrsh r3, [r0] | |
|00012E10|023083E3| orr r3, r3, 0x2| |
|00012E14|3A0000EA| b 12f04 | break;} |
|00012DEC| |cmp r4, 0x28 | else if(wParam==VK_DOWN) |
|00012DF0| |bne default;//12f94| |
|00012DF4|08009FE5| r0=157b8;//&key| {key |=0x08 |
|00012DF8|F030D0E1| ldrsh r3, [r0] | |
|00012DFC|083083E3| orr r3, r3, 0x8| |
|00012E00|3F0000EA| b 12f04 | break} |
|00012E04|B8570100|dd 157b8;//&key | else;} |
+--------+--------+-------------------+----------------------------+
this game modify the key, but nobody read it again.
so i chng to code to:
+--------+--------+-------------------+----------------------------+
| pc |bin-code| asm-code | c-code |
+--------+--------+-------------------+----------------------------+
|00012DA4| ... |cmp r5, r0 |if(msg==WM_KEYUP) |
|00012DAC|7800000A|beq default;//12f94| {goto default} |
|00012E90|f0510100|dw 151f0;//-x | |
|00012E94|f2510100|dw 151f2;//y | |
| | | | |
|00012DC4| |cmp r5, r3 |else if(msg==WM_KEYDOWN) |
|00012DC8| |bne ... | |
|00012DCC|BC009FE5|ldr r0, [12E90] | {p_x=&(-x) |
|00012DD0|BC309FE5|ldr r3, [12E94] | p_y=&y |
|00012DD4| |cmp r4, 0x25 | else if(wParam==VK_LEFT) |
|00012DD8| |beq 12e28 | |
|00012E28|F030D0E1| ldrsh r3, [r0] | {x=*p_x |
|00012E2C|103083E2| add r3,r3, 0x10| x+=0x10 |
|00012E30|B030C0E1| strh r3, [r0] | *p_x=x |
|00012E34|560000EA| b 12f94 | break};//default |
|00012DDC| |cmp r4, 0x26 | else if(wParam==VK_UP) |
|00012DE0| |beq 12e18 | |
|00012E18|F000D3E1| ldrsh r0, [r3] | {y=*p_y |
|00012E1C|100040E2| sub r0,r0, 0x10| y-=0x10 |
|00012E20|B000C3E1| strh r0, [r3] | *p_y=y |
|00012E24|5a0000EA| b 12f94 | break};//default |
|00012DE4| |cmp r4, 0x27 | else if(wParam==VK_RIGHT)|
|00012DE8| |beq 12e08 | |
|00012E08|F030D0E1| ldrsh r3, [r0] | {x=*p_x |
|00012E0C|103043E2| sub r3,r3, 0x10| x-=0x10 |
|00012E10|B030C0E1| strh r3, [r0] | *p_x=x |
|00012E14|5e0000EA| b 12f94 | break;};//default |
|00012DEC| |cmp r4, 0x28 | else if(wParam==VK_DOWN) |
|00012DF0| |bne default;//12f94| |
|00012DF4|F000D3E1| ldrsh r0, [r3] | {y=*p_y |
|00012DF8|100080E2| add r0,r0, 0x10| y+=0x10 |
|00012DFC|B000C3E1| strh r0, [r3] | *p_y=y |
|00012E00|630000EA| b 12f94 | break};//default |
|00012E04|00000000| | else;} |
+--------+--------+-------------------+----------------------------+
in other word: i chng [12DAC~12DAF](1 dword),
[12DCC~12DD3]( 2 dword),
[12DF4~12E37](17 dwords),
[12E90~12E97]( 2 dword).
the above are in memory, in exe file, their offset are
[21AC~21AF]
[21CC~21D3]
[21F4~2237]
[2290~2297].
i modify they in exe file, and i find I can
move the jet by key left,right,up,down, NOW.
Take a look at https://forest.watch.impress.co.jp/article/2002/04/22/xecross_1s.gif
the origin jet is low.
and look at my capture.png, the jet is high.
it runs better. Of cause, before modify the exe,
I back up it as "CROSS.EXE".
To prove I just modify 22 dwords(64 bytes),
I input "fc /b Xecross.exe CROSS.EXE" in my console.
If i want a file report, i can "Xecross.exe CROSS.EXE > fc.txt".
so I get a text file, which name is "fc.txt", and which content is:
Comparing files Xecross.exe and CROSS.EXE
000021AC: 37 78
000021CC: 0D BC
000021CE: 54 9F
...
00002294: 17 F2
00002295: 00 51
00002296: 00 01
00002297: 0A 00
------------ after word ------------------------------------------
If you had download a same xecross.exe, after you notice bugs above, you can
1)send message to "urano235@egroups.co.jp" ...
but it has error 404.
2)download the source code Xec_src.lzh, compile by yourself...
even you maybe not a programer.
3)input "difc.exe fc.txt" in console.(Of course, the name of file is not important).
so you will get the new file "cross.exe",
and you can play with it in wince 5.0 device emulator now.
